Bug 203846 - Konqueror crashes when selecting text (khtml::CachedFontInstance::cachedCharWidth)
Status: RESOLVED WORKSFORME
Alias: None
Product: konqueror
Classification: Applications
Component: khtml renderer
Version: 4.3.0
Platform: Ubuntu Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Duplicates: 211257
Depends on:
Blocks:
 
Reported: 2009-08-14 16:50 UTC by Praveen Srinivasan
Modified: 2020-12-28 02:31 UTC
CC List: 7 users

See Also:
Latest Commit:
Version Fixed In:


Description Praveen Srinivasan 2009-08-14 16:50:12 UTC
Version:            (using KDE 4.3.0)
OS:                Linux
Installed from:    Ubuntu Packages

Sometimes konqueror crashes when selecting text; for example, I was selecting text on:

http://www.nytimes.com/2009/08/15/world/asia/15myanmar.html?_r=1&hp

and it crashed.
Comment 1 FiNeX 2009-08-15 10:50:16 UTC
Please, if you can reproduce, would you like to paste a complete backtrace? You can find some instructions on the following page:

http://techbase.kde.org/Contribute/Bugsquad/How_to_create_useful_crash_reports
Comment 2 Praveen Srinivasan 2009-08-15 23:59:46 UTC
Ok, here's a backtrace:

Application: Konqueror (kdeinit4), signal: Segmentation fault
[Current thread is 1 (Thread 0x7f40ec788750 (LWP 27704))]

Thread 3 (Thread 0x7f40d0953910 (LWP 27758)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:220
#1  0x00007f40ec1c8442 in QWaitConditionPrivate::wait (this=<value optimized out>, mutex=0x1f8fd50, time=30000) at thread/qwaitcondition_unix.cpp:85
#2  QWaitCondition::wait (this=<value optimized out>, mutex=0x1f8fd50, time=30000) at thread/qwaitcondition_unix.cpp:159
#3  0x00007f40ec1be4f2 in QThreadPoolThread::run (this=<value optimized out>) at concurrent/qthreadpool.cpp:140
#4  0x00007f40ec1c7425 in QThreadPrivate::start (arg=0x1f8fda0) at thread/qthread_unix.cpp:188
#5  0x00007f40e8f45a04 in start_thread (arg=<value optimized out>) at pthread_create.c:300
#6  0x00007f40e9b275fd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7f40d15df910 (LWP 27761)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:220
#1  0x00007f40ec1c8442 in QWaitConditionPrivate::wait (this=<value optimized out>, mutex=0x1f8fd50, time=30000) at thread/qwaitcondition_unix.cpp:85
#2  QWaitCondition::wait (this=<value optimized out>, mutex=0x1f8fd50, time=30000) at thread/qwaitcondition_unix.cpp:159
#3  0x00007f40ec1be4f2 in QThreadPoolThread::run (this=<value optimized out>) at concurrent/qthreadpool.cpp:140
#4  0x00007f40ec1c7425 in QThreadPrivate::start (arg=0x1d66bb0) at thread/qthread_unix.cpp:188
#5  0x00007f40e8f45a04 in start_thread (arg=<value optimized out>) at pthread_create.c:300
#6  0x00007f40e9b275fd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f40ec788750 (LWP 27704)):
[KCrash Handler]
#5  khtml::CachedFontInstance::cachedCharWidth (this=0x3c832d8, chs=0x0, pos=0, len=1, fast=true, start=0, end=0, toAdd=0) at ../../khtml/rendering/font.h:71
#6  khtml::Font::width (this=0x3c832d8, chs=0x0, pos=0, len=1, fast=true, start=0, end=0, toAdd=0) at ../../khtml/rendering/font.cpp:368
#7  0x00007f40d515e970 in khtml::InlineTextBox::widthFromStart (this=0x3dbbbd8, pos=1) at ../../khtml/rendering/render_text.cpp:593
#8  0x00007f40d515eed9 in khtml::RenderText::caretPos (this=0x3dbb9b8, offset=1, flags=<value optimized out>, _x=@0x3119c90, _y=@0x3119c94, width=<value optimized out>, height=@0x3119c98)
    at ../../khtml/rendering/render_text.cpp:998
#9  0x00007f40d50c96ab in DOM::Selection::layoutCaret (this=0x3119c48) at ../../khtml/xml/dom_selection.cpp:475
#10 0x00007f40d50c9703 in DOM::Selection::getRepaintRect (this=0x3c83330) at ../../khtml/xml/dom_selection.cpp:484
#11 0x00007f40d50c9d98 in DOM::Selection::needsCaretRepaint (this=0x3119c48) at ../../khtml/xml/dom_selection.cpp:508
#12 0x00007f40d501569c in KHTMLPart::selectionLayoutChanged (this=0x3116220) at ../../khtml/khtml_part.cpp:3401
#13 0x00007f40d5018158 in KHTMLPart::notifySelectionChanged (this=0x3c83330, closeTyping=false) at ../../khtml/khtml_part.cpp:3415
#14 0x00007f40d501828b in KHTMLPart::setCaret (this=0x3116220, s=..., closeTyping=false) at ../../khtml/khtml_part.cpp:3289
#15 0x00007f40d501840e in KHTMLPart::extendSelectionTo (this=0x3116220, x=<value optimized out>, y=<value optimized out>, innerNode=<value optimized out>) at ../../khtml/khtml_part.cpp:6227
#16 0x00007f40d501855c in KHTMLPart::handleMouseMoveEventSelection (this=0x3116220, event=0x7fff683b9ca0) at ../../khtml/khtml_part.cpp:6377
#17 0x00007f40ec2bd0a5 in QObject::event (this=0x3116220, e=0x7fff683b9ca0) at kernel/qobject.cpp:1142
#18 0x00007f40ea265efc in QApplicationPrivate::notify_helper (this=0x127c350, receiver=0x3116220, e=0x7fff683b9ca0) at kernel/qapplication.cpp:4056
#19 0x00007f40ea26d1ce in QApplication::notify (this=0x7fff683bc970, receiver=0x3116220, e=0x7fff683b9ca0) at kernel/qapplication.cpp:4021
#20 0x00007f40eae9c4d6 in KApplication::notify (this=0x7fff683bc970, receiver=0x3116220, event=0x7fff683b9ca0) at ../../kdeui/kernel/kapplication.cpp:302
#21 0x00007f40ec2adb7c in QCoreApplication::notifyInternal (this=0x7fff683bc970, receiver=0x3116220, event=0x7fff683b9ca0) at kernel/qcoreapplication.cpp:610
#22 0x00007f40d5007f52 in QCoreApplication::sendEvent (this=0x3114340, _mouse=<value optimized out>) at /usr/include/qt4/QtCore/qcoreapplication.h:213
#23 KHTMLView::mouseMoveEvent (this=0x3114340, _mouse=<value optimized out>) at ../../khtml/khtmlview.cpp:1539
#24 0x00007f40ea2b47b2 in QWidget::event (this=0x3114340, event=0x7fff683ba910) at kernel/qwidget.cpp:7534
#25 0x00007f40ea6100d6 in QFrame::event (this=0x3114340, e=0x7fff683ba910) at widgets/qframe.cpp:559
#26 0x00007f40d5004ff5 in KHTMLView::widgetEvent (this=0x3114340, e=0x0) at ../../khtml/khtmlview.cpp:2325
#27 0x00007f40d50052bf in KHTMLView::eventFilter (this=0x3114340, o=0x3116650, e=0x7fff683ba910) at ../../khtml/khtmlview.cpp:2189
#28 0x00007f40ec2ace97 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=<value optimized out>, receiver=0x3116650, event=0x7fff683ba910) at kernel/qcoreapplication.cpp:726
#29 0x00007f40ea265ecc in QApplicationPrivate::notify_helper (this=0x127c350, receiver=0x3116650, e=0x7fff683ba910) at kernel/qapplication.cpp:4052
#30 0x00007f40ea26d011 in QApplication::notify (this=<value optimized out>, receiver=0x3116650, e=0x7fff683ba910) at kernel/qapplication.cpp:3758
#31 0x00007f40eae9c4d6 in KApplication::notify (this=0x7fff683bc970, receiver=0x3116650, event=0x7fff683ba910) at ../../kdeui/kernel/kapplication.cpp:302
#32 0x00007f40ec2adb7c in QCoreApplication::notifyInternal (this=0x7fff683bc970, receiver=0x3116650, event=0x7fff683ba910) at kernel/qcoreapplication.cpp:610
#33 0x00007f40ea26c8e0 in QCoreApplication::sendSpontaneousEvent (receiver=0x3116650, event=0x7fff683ba910, alienWidget=0x3116650, nativeWidget=0x315dd30, buttonDown=<value optimized out>, 
    lastMouseReceiver=<value optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:216
#34 QApplicationPrivate::sendMouseEvent (receiver=0x3116650, event=0x7fff683ba910, alienWidget=0x3116650, nativeWidget=0x315dd30, buttonDown=<value optimized out>, 
    lastMouseReceiver=<value optimized out>) at kernel/qapplication.cpp:2924
#35 0x00007f40ea2d295e in QETWidget::translateMouseEvent (this=0x315dd30, event=<value optimized out>) at kernel/qapplication_x11.cpp:4409
#36 0x00007f40ea2d19f9 in QApplication::x11ProcessEvent (this=<value optimized out>, event=0x7fff683bc440) at kernel/qapplication_x11.cpp:3550
#37 0x00007f40ea2fac2c in x11EventSourceDispatch (s=<value optimized out>, callback=<value optimized out>, user_data=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:146
#38 0x00007f40e9196a8e in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#39 0x00007f40e919a458 in ?? () from /usr/lib/libglib-2.0.so.0
#40 0x00007f40e919a580 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#41 0x00007f40ec2d60f6 in QEventDispatcherGlib::processEvents (this=0x11dae70, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:327
#42 0x00007f40ea2fa3de in QGuiEventDispatcherGlib::processEvents (this=0x3c83330, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:202
#43 0x00007f40ec2ac482 in QEventLoop::processEvents (this=<value optimized out>, flags=) at kernel/qeventloop.cpp:149
#44 0x00007f40ec2ac854 in QEventLoop::exec (this=0x7fff683bc770, flags=) at kernel/qeventloop.cpp:201
#45 0x00007f40ec2aea09 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#46 0x00007f40e1559206 in kdemain () from /usr/lib/libkdeinit4_konqueror.so
#47 0x0000000000406da8 in launch (argc=2, _name=<value optimized out>, args=<value optimized out>, cwd=<value optimized out>, envc=16, envs=<value optimized out>, reset_env=false, tty=0x0, 
    avoid_loops=false, startup_id_str=0x12285d4 "psrin-desktop;1250373405;298760;4074_TIME111880264") at ../../kinit/kinit.cpp:676
#48 0x0000000000407aa0 in handle_launcher_request (sock=7, who=<value optimized out>) at ../../kinit/kinit.cpp:1168
#49 0x0000000000407f51 in handle_requests (waitForPid=0) at ../../kinit/kinit.cpp:1361
#50 0x0000000000408bb2 in main (argc=2, argv=<value optimized out>, envp=<value optimized out>) at ../../kinit/kinit.cpp:1788
Comment 3 Maksim Orlovich 2009-08-16 16:44:09 UTC
Interesting bt...
Comment 4 Christophe Marin 2009-10-21 00:04:53 UTC
*** Bug 211257 has been marked as a duplicate of this bug. ***
Comment 5 Martin Koller 2011-07-07 20:40:16 UTC
Testing with 4.6.5 I do not see a crash but konqi enters an endless loop it seems, using 100% CPU when doing some selections.
What I see on that HTML page is that after I selected some text, a question mark bubble-like tooltip appears over the selected text and when I continue to select some other text, the 100% CPU loop happens.
Attaching with gdb in this case gives the following stack:

#0  0xb27bfa0b in DOM::Position::equivalentDownstreamPosition (this=0xbfffc658)
    at /usr/src/debug/kdelibs-4.6.5/khtml/xml/dom_position.cpp:467
#1  0xb27c3642 in DOM::Selection::getRange (this=0xbfffc8e8, st=@0xbfffc6fc, so=@0xbfffc6f4, en=@0xbfffc6f8, eo=
    @0xbfffc6f0) at /usr/src/debug/kdelibs-4.6.5/khtml/xml/dom_selection.cpp:440
#2  0xb27c39c1 in DOM::Selection::toRange (this=0xbfffc8e8)
    at /usr/src/debug/kdelibs-4.6.5/khtml/xml/dom_selection.cpp:466
#3  0xb29a1056 in KJS::DOMSelectionProtoFunc::callAsFunction (this=0xaeb8c780, exec=0xbfffcd4c, thisObj=0xaeb82d00, args=
    ...) at /usr/src/debug/kdelibs-4.6.5/khtml/ecma/kjs_range.cpp:447
#4  0xb24feccb in call (exec=0xbfffcd4c, codeBlock=..., parentExec=0xbfffd21c)
    at /usr/src/debug/kdelibs-4.6.5/kjs/object.h:626
#5  KJS::Machine::runBlock (exec=0xbfffcd4c, codeBlock=..., parentExec=0xbfffd21c) at codes.def:1223
#6  0xb24dcaa6 in KJS::FunctionImp::callAsFunction (this=0xaf066680, exec=0xbfffd21c, thisObj=0xae3257e0, args=...)
    at /usr/src/debug/kdelibs-4.6.5/kjs/function.cpp:172
#7  0xb24c2ad6 in call (this=0xafa2a300, exec=0xbfffd21c, thisObj=0xaf066680, args=...)
    at /usr/src/debug/kdelibs-4.6.5/kjs/object.h:626
#8  KJS::FunctionProtoFunc::callAsFunction (this=0xafa2a300, exec=0xbfffd21c, thisObj=0xaf066680, args=...)
    at /usr/src/debug/kdelibs-4.6.5/kjs/function_object.cpp:139
#9  0xb24feccb in call (exec=0xbfffd21c, codeBlock=..., parentExec=0x8f0c140)
    at /usr/src/debug/kdelibs-4.6.5/kjs/object.h:626
#10 KJS::Machine::runBlock (exec=0xbfffd21c, codeBlock=..., parentExec=0x8f0c140) at codes.def:1223
#11 0xb24dcaa6 in KJS::FunctionImp::callAsFunction (this=0xae325cc0, exec=0x8f0c140, thisObj=0xae3257e0, args=...)
    at /usr/src/debug/kdelibs-4.6.5/kjs/function.cpp:172
#12 0xb29ad2c6 in call (this=0xb7830b0, evt=...) at /usr/src/debug/kdelibs-4.6.5/kjs/object.h:626
#13 KJS::JSEventListener::handleEvent (this=0xb7830b0, evt=...)
    at /usr/src/debug/kdelibs-4.6.5/khtml/ecma/kjs_events.cpp:108
#14 0xb27b5f6e in DOM::EventTargetImpl::handleLocalEvents (this=0xb3ecfb0, evt=0xb7cd9a8, useCapture=false)
    at /usr/src/debug/kdelibs-4.6.5/khtml/xml/dom2_eventsimpl.cpp:62
#15 0xb278d5f7 in DOM::NodeImpl::dispatchGenericEvent (this=0xb3f1ea8, evt=0xb7cd9a8)
    at /usr/src/debug/kdelibs-4.6.5/khtml/xml/dom_nodeimpl.cpp:481
#16 0xb278db2c in DOM::NodeImpl::dispatchEvent (this=0xb3f1ea8, evt=0xb7cd9a8, exceptioncode=@0xbfffd55c, tempEvent=true) 
    at /usr/src/debug/kdelibs-4.6.5/khtml/xml/dom_nodeimpl.cpp:401                                                        
#17 0xb26d3dc0 in KHTMLView::dispatchMouseEvent (this=0x8cf8508, eventId=5, targetNode=0xb3f1ea8, targetNodeNonShared=    
    0xba30808, cancelable=true, detail=0, _mouse=0xbfffdde4, setUnder=false, mouseEventType=1, orient=0)                  
    at /usr/src/debug/kdelibs-4.6.5/khtml/khtmlview.cpp:3609                                                              
#18 0xb26d4d3e in KHTMLView::mouseReleaseEvent (this=0x8cf8508, _mouse=0xbfffdde4)                                        
    at /usr/src/debug/kdelibs-4.6.5/khtml/khtmlview.cpp:1565                                                              
#19 0xb64b1c00 in QWidget::event(QEvent*) () from /usr/lib/libQtGui.so.4                                                  
#20 0xb68cbb45 in QFrame::event(QEvent*) () from /usr/lib/libQtGui.so.4                                                   
#21 0xb26dc1ec in KHTMLView::widgetEvent (this=0x8cf8508, e=0xbfffdde4)                                                   
    at /usr/src/debug/kdelibs-4.6.5/khtml/khtmlview.cpp:2208                                                              
#22 0xb26dc5d2 in KHTMLView::eventFilter (this=0x8cf8508, o=0x8ce4ba8, e=0xbfffdde4)                                      
    at /usr/src/debug/kdelibs-4.6.5/khtml/khtmlview.cpp:2053
#23 0xb6fc0ef6 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) ()
   from /usr/lib/libQtCore.so.4
#24 0xb64566b4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#25 0xb6460000 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#26 0xb74f50f1 in KApplication::notify (this=0xbfffe780, receiver=0x8ce4ba8, event=0xbfffdde4)
    at /usr/src/debug/kdelibs-4.6.5/kdeui/kernel/kapplication.cpp:311
#27 0xb6fc0d5e in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#28 0xb645778c in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) () from /usr/lib/libQtGui.so.4
#29 0xb64e3bec in ?? () from /usr/lib/libQtGui.so.4
#30 0xb64e2d0e in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib/libQtGui.so.4
#31 0xb650d5d0 in ?? () from /usr/lib/libQtGui.so.4
#32 0xb5b56b49 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#33 0xb5b57350 in ?? () from /usr/lib/libglib-2.0.so.0
#34 0xb5b5760e in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#35 0xb6fef53b in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/lib/libQtCore.so.4
#36 0xb650d1ca in ?? () from /usr/lib/libQtGui.so.4
#37 0xb6fc003d in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#38 0xb6fc0269 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#39 0xb6fc4d10 in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
#40 0xb64543e4 in QApplication::exec() () from /usr/lib/libQtGui.so.4
#41 0xb7f8638f in kdemain (argc=1, argv=0xbfffea34) at /usr/src/debug/kdebase-4.6.5/konqueror/src/konqmain.cpp:219
#42 0x0804860b in main (argc=1, argv=0xbfffea34)
    at /usr/src/debug/kdebase-4.6.5/build/konqueror/src/konqueror_dummy.cpp:3
Comment 6 Raúl 2012-05-04 08:35:31 UTC
Hello:
@Martin: Are you sure the backtrace you posted is the same as the originally reported? In any case it's very similar (if not the same) as https://bugs.kde.org/show_bug.cgi?id=188445 or https://bugs.kde.org/show_bug.cgi?id=254955

Besides this, I can't provide any information about the originally reported backtrace.

Regards,
Comment 7 Martin Koller 2012-05-04 08:51:02 UTC
The original backtrace is from a crash. My backtrace comes from an investigation during 100% CPU from inside gdb (no crash) while testing this bug entry.
Comment 8 Justin Zobel 2020-12-09 02:12:51 UTC
Thank you for the crash report.

As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved.

I have set the bug status to "needsinfo" pending your response, please change back to "reported" or "resolved/worksforme" when you respond, thank you.
Comment 9 Bug Janitor Service 2020-12-24 04:34:25 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 10 Raúl 2020-12-26 23:32:11 UTC
Hello: I'm not having either crash or 100% CPU usage with:
Debian unstable
Konqueror 20.08.03
KDE Frameworks 5.77.0
Qt 5.15.2
Comment 11 Justin Zobel 2020-12-28 02:31:19 UTC
Thanks for the update Raul. I'm marking this as resolved. If anyone else is still experiencing the issue please feel free to reopen this report.